Progent's Ransomware Forensics and Reporting Services in St. Louis
Progent's ransomware forensics experts can save the evidence of a ransomware attack and carry out a detailed forensics investigation without interfering with the processes required for operational continuity and data restoration. Your St. Louis organization can utilize Progent's post-attack forensics documentation to combat subsequent ransomware assaults, validate the restoration of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics analysis involves discovering and describing the ransomware assault's storyline throughout the targeted network from beginning to end. This audit trail of how a ransomware assault progressed through the network helps you to assess the damage and uncovers shortcomings in security policies or work habits that need to be rectified to prevent later breaches. Forensic analysis is typically assigned a high priority by the insurance provider and is often required by state and industry regulations. Because forensic analysis can be time consuming, it is essential that other key activities like operational continuity are performed in parallel. Progent maintains a large roster of information technology and data security experts with the knowledge and experience needed to carry out the work of containment, operational continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics investigation is arduous and calls for close cooperation with the groups assigned to data restoration and, if necessary, payment discussions with the ransomware hacker. Forensics can require the examination of logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect changes.
Activities involved with forensics include:
- Disconnect all potentially suspect devices from the system, but avoid shutting them off. This may involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to guard your backups.
- Capture forensically sound images of all suspect devices so your file restoration team can proceed
- Save firewall, VPN, and other critical logs as quickly as possible
- Establish the version of ransomware involved in the assault
- Survey each machine and data store on the network as well as cloud-hosted storage for indications of encryption
- Catalog all compromised devices
- Establish the kind of ransomware used in the attack
- Review logs and sessions in order to determine the timeline of the ransomware assault and to spot any potential lateral migration from the originally infected machine
- Identify the security gaps exploited to perpetrate the ransomware assault
- Search for the creation of executables associated with the first encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Separate URLs embedded in email messages and check to see if they are malicious
- Produce detailed attack documentation to satisfy your insurance and compliance regulations
- List recommended improvements to shore up security gaps and improve workflows that lower the risk of a future ransomware exploit
Progent has delivered online and on-premises network services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in core technologies such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance on financial and ERP applications. This broad array of expertise allows Progent to salvage and integrate the undamaged pieces of your IT environment after a ransomware intrusion and reconstruct them quickly into an operational network. Progent has collaborated with top insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in St. Louis
To find out more information about ways Progent can help your St. Louis organization with ransomware forensics analysis, call 1-800-993-9400 or see Contact Progent.